security – Is there a way to globally apply esc_html( … ) to all inputs and anchors to filter out XSS markup?


I’m new to XSS prevention, only 2 years into WP development, so I am hoping there’s an easy solution. Installing a plugin designed to prevent XSS abuse is not an option. I need to programmatically, globally escape input values and anchor hrefs to prevent malicious XSS on a minisite. I was wondering if I could do this in the functions.php file with this function, except I think the “the_content” filter is too broad:

add_filter("the_content", "prevent_xss");

function prevent_xss($the_Post) {
    // Encode &, < and > as HTML entities in the post content.
    $the_New_Post = str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), $the_Post);
    return $the_New_Post;
}

Any help would be greatly appreciated. Thank you in advance.

user3038672 2021-11-04T19:10:41-05:00
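An added example, not part of the original post: it compares the three-character replacement from the question with escaping chosen per output context, for an input `value` and an anchor `href`. It is plain PHP so it runs outside WordPress; the function names and sample values are constructed for illustration, and WordPress core provides `esc_attr()` and `esc_url()` for these two contexts.

```php
<?php
// The replacement from the question: encodes &, < and > only.
function three_char_escape(string $s): string {
    return str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), $s);
}

// Attribute context: quotes must be encoded as well, otherwise the value
// can close the attribute and start a new one.
function attr_escape(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// href context: entity encoding alone does not stop a script URL, so the
// scheme is checked against an allowlist before attribute escaping.
// The allowlist below is an assumption; adjust it to what the site needs.
function href_escape(string $url): string {
    $url = trim($url);
    // Browsers ignore tabs and newlines inside a URL, so drop them before
    // looking for the scheme.
    $probe = preg_replace('/[\x00-\x20]+/', '', $url);
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $probe, $m)) {
        if (!in_array(strtolower($m[1]), array('http', 'https', 'mailto'), true)) {
            return ''; // disallowed scheme: emit an empty href
        }
    }
    return attr_escape($url);
}

// Constructed sample values.
$value = 'x" onmouseover="alert(1)';
$links = array(
    'https://example.com/?a=1&b=2',
    '/about',
    'javascript:alert(1)',
    "java\tscript:alert(1)",
);

// The quote survives the three-character replacement, so the markup gains
// an extra attribute; attr_escape() keeps it inside value="...".
echo '<input value="' . three_char_escape($value) . '">' . PHP_EOL;
echo '<input value="' . attr_escape($value) . '">' . PHP_EOL;

foreach ($links as $link) {
    echo '<a href="' . href_escape($link) . '">link</a>' . PHP_EOL;
}
```

The first `<input>` line printed contains an unintended `onmouseover` attribute, the second does not, and the two script URLs come out as empty `href` values.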
